General
-
Target
4a2902958e01cc91f2e71736e0de83aa_JaffaCakes118
-
Size
1.9MB
-
Sample
240516-j5anzaca72
-
MD5
4a2902958e01cc91f2e71736e0de83aa
-
SHA1
dcd0b86a807feeb0aa8e1178961b2685fb5cb502
-
SHA256
c826d112cbfa6ac5f2950113046c40a0aa00bc1595a0f2019d108df02b99b0a4
-
SHA512
ba14483508d21b04f99f42f8e544af296d214569a1d0ef8bae173a6acbe84f3f5e14b6b637685b1dfd5a794b5473f7276a71d0ea039e9bdab64552b5064d3c35
-
SSDEEP
49152:P+NJvFDhjAe+RVZWI1oLTXD3+s5RHj7KoLl+c733H:0Ch3tmLTL+szfKoZT33H
Behavioral task
behavioral1
Sample
4a2902958e01cc91f2e71736e0de83aa_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
4a2902958e01cc91f2e71736e0de83aa_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
4a2902958e01cc91f2e71736e0de83aa_JaffaCakes118
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-